AMENDMENTS TO THE CLAIMS; 



1. (Original) A method of establishing a virtual private network tunnel, the method comprising: 

    receiving, from a user whose IP address is not known in advance, a first request to form an encrypted tunnel with a security gateway; 
    forming the encrypted tunnel; 
    authenticating the user; 
    determining an IP address of the user; 
    establishing a correspondence between the IP address and a first shared secret authorized for the user; 
    receiving a second request from the user to form a virtual private network tunnel, the request incorporating a second shared secret; 
    determining whether the first shared secret matches the second shared secret; and 
    forming the virtual private network tunnel when the first shared secret matches the second shared secret. 

2. (Original) The method of claim 1, wherein the first request comprises a request to form a 
Hypertext Transfer Protocol over Secure Socket Layer session. 

3. (Original) The method of claim 1, wherein the authenticating step comprises receiving and 
verifying a username/password pair from the user. 

4. (Original) The method of claim 1, wherein the second request comprises a request to form 
an IPSec tunnel. 

5. (Original) The method of claim 1, wherein the establishing step comprises comparing a 
username and password provided by the user with a database of usernames, passwords and 
shared secrets. 

6. (Original) The method of claim 1, wherein the second request incorporates a hashing 
function based on the second shared secret. 

7. (Original) The method of claim 1, wherein the step of determining whether the first shared 
secret matches the second shared secret comprises attempting to decrypt at least a portion of the 
second request. 

8. (Original) The method of claim 1, wherein the establishing step comprises making an entry 
in an IPSec table, the entry comprising the IP address and the first shared secret. 

9. (Original) The method of claim 8, wherein the entry is a temporary entry that is deleted after 
the occurrence of a predetermined event. 

10. (Original) The method of claim 9, wherein the predetermined event comprises a passage of a 
predetermined time. 

11. (Original) The method of claim 9, further comprising the step of tearing down the virtual 
private network tunnel when the temporary entry is deleted. 
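As an added illustration (not code from the application itself), the following Python model shows the gateway-side logic of claims 1 through 11: the user authenticated over the first, HTTPS-style session has its source IP bound to its pre-shared secret in a temporary IPSec table entry; the later tunnel request carries a hash keyed with the client's secret (claim 6) and is verified against the entry for that IP; and entries expire after a fixed time, tearing down the tunnel (claims 9 to 11). The user database, HMAC-SHA256 as the hashing function, the password hashing at rest, the injectable clock and the TTL are assumptions made here.

```python
import hashlib
import hmac
import time

# Constructed user database: username -> (salted password hash, pre-shared secret).
# Storing a password hash rather than the password is an assumption added here.
_SALT = b"constructed-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USER_DB = {"alice": (_pw_hash("correct horse"), b"alice-psk-0001")}

class SecurityGateway:
    """Binds an authenticated user's source IP to a PSK, then checks the IPSec request."""
    def __init__(self, entry_ttl: float, clock=time.monotonic):
        self.entry_ttl = entry_ttl
        self.clock = clock           # injectable so the timed expiry can be exercised
        self.ipsec_table = {}        # ip -> (first shared secret, expiry time)
        self.tunnels = set()         # IPs with an established VPN tunnel

    def first_request(self, ip: str, username: str, password: str) -> bool:
        """Over the encrypted session: authenticate, take the IP seen on the
        connection (not known in advance) and record the IP <-> secret entry."""
        rec = USER_DB.get(username)
        if rec is None or not hmac.compare_digest(rec[0], _pw_hash(password)):
            return False
        self.ipsec_table[ip] = (rec[1], self.clock() + self.entry_ttl)  # temporary entry
        return True

    def second_request(self, ip: str, payload: bytes, tag: bytes) -> bool:
        """Tunnel request carrying an HMAC keyed with the client's (second) secret;
        verified with the first secret looked up by the requesting IP."""
        self._expire()
        entry = self.ipsec_table.get(ip)
        if entry is None:
            return False
        expected = hmac.new(entry[0], payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.tunnels.add(ip)
        return True

    def _expire(self) -> None:
        """Claims 9-11: delete entries past their TTL and tear down their tunnels."""
        now = self.clock()
        for ip in [ip for ip, (_, exp) in self.ipsec_table.items() if exp <= now]:
            del self.ipsec_table[ip]
            self.tunnels.discard(ip)

def client_tag(secret: bytes, payload: bytes) -> bytes:
    """What the client side computes for its second request (constructed helper)."""
    return hmac.new(secret, payload, hashlib.sha256).digest()
```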

12. (Original) A computer program embodied in a machine-readable medium, the computer 
program comprising instructions for controlling a security gateway to perform the following 
steps: 

    receiving, from a user whose IP address is not known in advance, a first request to form an encrypted tunnel with a security gateway; 
    forming the encrypted tunnel; 
    authenticating the user; 
    determining an IP address of the user; 
    establishing a correspondence between the IP address and a first shared secret authorized for the user; 
    receiving a second request from the user to form a virtual private network tunnel, the request incorporating a second shared secret; 
    determining whether the first shared secret matches the second shared secret; and 
    forming the virtual private network tunnel when the first shared secret matches the second shared secret. 

13. (Original) The computer program of claim 12, wherein the first request comprises a request 
to form a Hypertext Transfer Protocol over Secure Socket Layer session. 

14. (Original) The computer program of claim 12, wherein the authenticating step comprises 
receiving and verifying a username/password pair from the user. 

15. (Original) The computer program of claim 12, wherein the second request comprises a 
request to form an IPSec tunnel. 

16. (Original) The computer program of claim 12, wherein the establishing step comprises 
comparing a username and password provided by the user with a database of usernames, 
passwords and shared secrets. 

17. (Original) The computer program of claim 12, wherein the second request incorporates a 
hashing function based on the second shared secret. 

18. (Original) The computer program of claim 12, wherein the step of determining whether the 
first shared secret matches the second shared secret comprises attempting to decrypt at least a 
portion of the second request. 
19. (Original) A security gateway, comprising: 

    means for receiving, from a user whose IP address is not known in advance, a first request to form an encrypted tunnel with a security gateway; 
    means for forming the encrypted tunnel; 
    means for authenticating the user; 
    means for determining an IP address of the user; 
    means for establishing a correspondence between the IP address and a first shared secret authorized for the user; 
    means for receiving a second request from the user to form a virtual private network tunnel, the request incorporating a second shared secret; 
    means for determining whether the first shared secret matches the second shared secret; and 
    means for forming the virtual private network tunnel when the first shared secret matches the second shared secret. 

20. (Original) A security gateway, comprising: 

    a first port configured for communication with the Internet; 
    a second port configured for communication with a private network; and 
    at least one processor configured to: 
        receive, via the first port, a first request to form an encrypted tunnel with a security gateway from a user whose IP address is not known in advance; 
        form the encrypted tunnel; 
        authenticate the user; 
        determine an IP address of the user; 
        establish a correspondence between the IP address and a first shared secret authorized for the user; 
        receive a second request from the user to form a virtual private network tunnel, the request incorporating a second shared secret; 
        determine whether the first shared secret matches the second shared secret; and 
        form the virtual private network tunnel when the first shared secret matches the second shared secret. 

21. (Canceled) 